Security – Article
Who is the real THREAT?
When you think about the people who pose the greatest risk to your systems, what comes to mind? Is it the hacker working hour after hour in a dark, airless room in some far-off country? Is it a bunch of white hats from MIT showing off their skills so you’ll hire them? Or a rogue hacktivist with a point to make about something your company has done? While all of those scenarios present real possibilities, you’re much more likely to get compromised by someone inside the organization.
Better access = greater risk.
Not very long ago, most of a company’s data existed in closed networks, largely inaccessible to anyone without a direct connection to the network. Most users were, by default, “authorized users,” and security was all about offsite backups or taking tapes home at night in case of disaster. And once the users left the building, there wasn’t much they could do – good or bad – with company data anyway.
Just like today’s workers, the worker of tomorrow will expect data to be available everywhere – on the network, on corporate- and employee-owned mobile devices, on USB drives, and, of course, in the cloud. While this is a huge positive in terms of mobility and productivity, it exposes corporate data to significant risks, because the data becomes much more difficult to track and secure as it moves across applications and devices at the will of users.
Unfortunately, insiders present the greatest risk. Whether intentionally or accidentally, those users open company data to a wide range of attacks, threats, and loss. Even well-designed security protocols and hardware can be thwarted by the careless or malicious behavior of people with access to your information. Because security is largely a game of leapfrog between security professionals and bad actors, many infrastructure-based tools are only effective for a limited period of time. But by targeting the intersection of your people and your data, you may find that you have the upper hand.
So who’s who?
Security professionals have identified three basic types of insiders: accidental, compromised, and malicious, with a number of subgroups to consider. What’s more, the same user may move among all three types over time, often depending on job satisfaction, personal financial problems, or simply a failure to understand how their actions affect security.
Make Zones your technology partner. Visit zones.com or call 1.800.408.ZONES today.
Accidental insiders
Accidental insiders, while well-meaning employees, are people who simply make mistakes. It could be a lack of training, a lack of awareness about phishing risks, or any number of reasons. Sometimes, they’re simply trying to be efficient and end up taking shortcuts. Here’s a look at some of these subgroups:
> Inadvertent actors. These are people who may not know better. Maybe the company hasn’t trained them on procedures properly or maybe they were unable to understand their importance. Perhaps they send a document to the wrong email address, or share company information to look more important to others. Nevertheless, the “honest” mistakes they make can do a lot of damage.
> Convenience seekers. These are the people who fail to follow protocol, but not necessarily with bad intent. They are the employees who put data where it doesn’t belong or should not go because it makes it easier to do their jobs. They may think that the data they access is theirs to use however and wherever they see fit. But when that data is company financials, source code, proprietary research, or similarly valuable intellectual property, it gets dangerous very quickly.

Compromised insiders
Compromised insiders are people whose credentials have been stolen – by any number of means – and used by an attacker. And because profile alerts don’t provide definitive proof a user has been compromised, IT doesn’t see the threat until the damage is done. They fall into the following subgroups:
> Malware victims. These workers allow a breach to occur in the network and open the door to hackers. They may have opened a malicious attachment, downloaded a bad file, or clicked the wrong button while visiting a website they should not have been using in the first place.
> Impersonated users. These are the employees whose credentials have been lost or stolen – or who have been tricked into giving them up. They are people who have been fooled by social engineering or failed to safeguard their credentials properly, allowing bad actors to use those credentials to access the network – and worse, access the network undetected.

Malicious insiders
These are the really bad guys. The ones with knowledge of, and access to, company resources. And because they have access to the network, they are free to do a lot of damage over time. Their motivations may vary – money, revenge, or outright theft – but they are extremely dangerous. They fall into the following subgroups:
> Rogue employees. These are the people with a grudge. They may have been reprimanded by their boss, had a bad performance review, been demoted, or been passed over for a promotion, and now they’re angry and out for revenge. They may steal information, damage or corrupt files, or publish confidential information in order to hurt the company. And since they are authorized users, the damage they do can be significant and hard to identify until it’s too late.
> Criminal actors. These are the insiders who are methodically conducting corporate espionage or acting as agents for foreign governments or criminal organizations. They have access and a motive. In other words, they are extremely dangerous.
And how do we stop them?
With so many variables and motivations at work in the minds of users, it’s not easy, but it is possible to significantly reduce the risks through a robust Data Loss Prevention (DLP) strategy and the appropriate tools. A comprehensive DLP solution includes a number of components working together:
> Cloud security and cloud access security broker (CASB) technology. These focus on protecting people working on the web and with their email accounts from any location, on any device.
> Network security. Gaining visibility into people’s actions across the network in order to restrict bad actors from accessing data centers and cloud environments.
> Data & insider threat security. Identifying high-risk users and data activity, and addressing them in real time.
> Cross domain solutions. Securing the access and transfer of sensitive information across multiple networks, while maintaining efficient access to company data.
The common denominator here is context: being able to effectively identify user behavior to control their actions and activities on the network. These systems have to be able to observe behavior and determine intent in order to safeguard your users and your data at the point where they meet. This, in combination with traditional security hardware and software, can greatly reduce the risk from all types of insider threats – no matter where your data needs to go.

So, what’s your next move?
After all, you can’t stop progress. And you can’t stop change. But you can stop attackers – inside and outside the organization – from getting their hands on your critical data. And we can show you how.
Your Zones account executive can put you in touch with one of our Security Solutions specialists, who can lead a comprehensive security assessment of your infrastructure and help you implement a robust, customized DLP solution using technology from a portfolio of providers that includes McAfee Security, Forcepoint, Symantec, and other leaders in the industry – to keep threats off your back.
©2017 Zones, Inc. All rights reserved. Unauthorized duplication is a violation of federal laws. Zones and Zones.com are registered trademarks of Zones, Inc. All product names are trademarks of their respective holders.